Citibank Tries to Hush ATM Crypto Vulnerability

palme999 writes "Citibank is trying to get a gag order for new vulnerabilities found in the cryptographic equipment commonly used to protect the PINs of ATM transactions. The vulnerabilities came to light during a court case involving 'phantom' ATM transactions that users deny making but that banks still charge to customers accounts because they claim their systems are secure."

ATM? I don't need no stinkin' ATM!

[zmcgrew]

Hehe.
The ATM in the WalMart by us runs Windows.
And it crashes, gives blue screens, and popup error messages all the time.

Who needs security when the system can't even run stabily?

cool

[Anonymous Coward]

I've been using automated debit for years to pay all of my bills.

Maybe I can get all of that money back.

Re:in case of /.

[Anonymous Coward]

Nice formatting, why not go vomit on some toddlers while you're at it?

Tell 'em to prove it.

[Dolemite_the_Wiz]

If Citibank sez that their systems are secure. Tell 'em to prove it.

Dolemite

So easy to read!

[Anonymous Coward]

Thanks for making sure it looked okay!

New System

[alaric187]

Oh you guys, that's just Citibank's patented Security Through Litigation (tm) method. I hear it works wonders on keeping financial info secure.

woah!

[spazoid12]

I'd better go back and tell my 12-year-old self not to get an ATM card!

Submission to /.

[prgammans]

So they submitted it to /. to gag it for them.
Much quicker then a court order.

PINs can't work, only RSA will do.

[Anonymous Coward]

We should teach our kids at school how to raise a 200-digit challenge number to a secret 200-digit power, modulo a 200-digit composite public key, all in their head. Then ATM machines could use this math to achieve secure authentication.

Re:ATM? I don't need no stinkin' ATM!

[spasm]

really? where do you live? {grin}

Re:and only 15minutes ago..

[kfg]

For what it's worth, they're called "cash machines" here in the colonies as well.

A west coastism is to refer to twenty dollar bills as "Yuppie Foodstamps" because cash machines only dispense twenties, and thus people who rely on them never seem to have anything but.

KFG

Credit please

[grub]

involving 'phantom' ATM transactions that users deny making but that banks still charge to customers accounts because they claim their systems are secure

"Honestly, Mr. Citibank Manager, why would I guy several cases of Fort Garry Ale [fortgarry.com] or Guinness [guinness.ie]? I demand you credit my account.

Coincidence..., I think not.

[revery]

First there was the Phantom Menace, then there was the Phantom Edit, now we have "phantom" transactions... coindidence? I think not.

George Lucas is involved here somwhere.

--

I sense a great disturbance in the fiber, as if a million ATM transactions were suddenly silenced...

Go back to sleep children

[ralphus]

Everything is ok.

Your money is safe.

The world is simple.

You are with us or against us.

Go buy yourself something, you deserve it.

Those in charge know what they are doing and will take care of you.

Re:woah!

[Rojo^]

You never saw Terminator 2 then, huh? =)

Old news

[MarkGriz]

A young John Connor figured out how to crack PINs way back in 1991 [imdb.com]. How is this "News" for Nerds?

Candid Camera

[scottennis]

Don't most ATMs have cameras now that take your picture when you do a transaction?

When these "phantom transactions" occur, I assume there is a picture taken of a dark wraith in a hooded cloak.

But seriously, wouldn't the bank have your picture if you had performed a transaction?

What really happened..

[Metallic Matty]

Citibank Tries to Hush ATM Crypto Vulnerability..

The problem was discovered in the syste-
*sounds of struggle*
Where are you throwing meeeeee...

I just had a thought. . .

[Rojo^]

The vulnerabilities came to light during a court case involving 'phantom' ATM transactions that users deny making but that banks still charge to customers accounts because they claim their systems are secure."

What the fuck are there video cameras embedded in ATMs for? When do they turn on? Have my efforts to moon the bank people been completely in vain?

My experience with ATM cameras...

[bearl]

So here's my ATM camera story...

In 1983, my first job out of college was as an internal auditor at a small regional bank that had only seven branches. We were just installing ATMs and most of our customers were elderly types who weren't interested in these new fangled computers. I, being young and more enlightened, loved them, used them all the time, and rarely carried much cash at all, preferring to just stop by a convenient ATM for a fresh withdrawal. This was in the days when banks considered ATMs as a money saver because customers would use the ATM rather than coming inside to bother a teller, thus saving the bank loads of money by reducing the number of tellers they had to employ, so there were no fees. But I digress...

One of our older patrons had his ATM card misappropriated by a handyman, family member, or other close associate, and said villian used the card to make several large withdrawals. The customer reported the problem, we told the system to capture the card on the next use, and waited.

Within a week, the card was used, and captured. The film from the camera was sent off (these days it's probably digital). The ATM company found that either our tellers had been ordering the wrong kind of film for our ATMs, or they had been sending us the wrong kind, or the tellers where installing it wrong, or something. They sent a note with that info to our President, explaining that the photo was probably the wrong person and wouldn't hold up in court, along with the developed photograph.

Fortunately he read the note before he looked at the photograph, because the guy in the photo was me! He came into my office and with as serious an expression as he could manage, told me they had the photo back, and had their man (I didn't know about the problem with the film at this point). He slid open the envelope, and there in stark black and white was me, probably on a Saturday morning, unshaven and in a dirty Ramones t-shirt.

I stuttered for a few seconds but he couldn't hold it together and started laughing. Needless to say that photo appeared all over the bank for the next several years, along with signs like "Have you seen this man?" and "Do not serve - notify security." We figured that since I used the ATM so much, I was probably on 85% of the photos on the film. The odds were pretty good that with the indexes being wrong I would come up, but it couldn't have been a worse photograph.

Oh, eventually the real crook was caught because he came into the bank to complain that the ATM had taken "his" card and the replacement hadn't arrived yet.

Re:ATMs are fallible in lots of ways

[shotgunefx]

I got shorted $20 dollars once. Luckily I counted it in front of the ATM (which has a video, most here do) and got really pissed off.

I held it up and counted, like there was a little guy in there and started screaming at it. I went to my bank the next day, and the say they had to review it. A few days later they credited me. I assume one of the things they did was look at the tape.

Now I always count it in front of the camera so if there is a problem I've got proof.

Re:and only 15minutes ago..

[L7_]

But there is no other way to tell if you're alive in Wisconsin unless you go to the Pulse Machine.

Re:What really happened..

[LoadStar]

We apologise for the fault in the last post. Those responsible have been sacked.

Re:An old vulnerability

[blair1q]

When does he get out of prison?

m$ wants sites to stay unavailable

[klparrot]

Click the Refresh button, or try again later.

Gotta love how when the server gets too busy, it suggests you keep hammering it. :)